12/19/2014

Healthcare organizations aren’t just responsible for protecting their patients’ health; they are also accountable for protecting those patients’ personal health information. Given the nature of the healthcare industry, hospitals and health systems are repositories for sensitive information ranging from medical histories and prescriptions to personal information such as billing information, Social Security Numbers and insurance claim information. Gathered in one place, this can be a treasure trove for someone with ill intentions.

Every day millions of emails containing patient health information are exchanged by healthcare organizations. To meet compliance needs and protect this information in transit, it must be properly encrypted. However, one of the biggest obstacles healthcare organizations face with any sort of technology, including encryption, is incorporating it into the day-to-day workflow without having it distract from their No. 1 priority — patient care.

When the Health Insurance Portability and Accountability Act (HIPAA) went into effect in 2003, one of East Tennessee’s largest primary care organizations, Summit Medical Group, was one of the first healthcare organizations to adopt an email encryption solution. Summit Medical Group’s goal was twofold: find a solution that effectively secures patients’ protected health information (PHI) and that is unintrusive for staff to use.

After looking at a variety of options, the team chose Zix Email Encryption. Eleven years later, Summit Medical Group is still happy with the decision and has just signed its third renewal.

“We originally brought Zix Email Encryption on board in 2003 due to HIPAA compliance laws as they related to protecting PHI,” said Joseph Ortiz, chief information officer for Summit Medical Group. “We continue to use the service because, quite frankly, it’s the best product that’s out there.”

With Zix Email Encryption, the team at Summit Medical doesn’t have to worry about an email slipping through the cracks unencrypted. The policy filters employed by ZixGateway automatically scan emails, including their attachments and subject lines, for any sensitive information and can encrypt, route or block those emails according to corporate policies.

With Zix, doctors and staff don’t have to think twice about hitting send on an email. Instead, they go about their day as if they were using regular email.

“With ZixCorp, we send email ‘automagically’ since it operates in the background. This has a minimal impact on both physician and employee workflows since no extra steps are required,” explained Ortiz. “If you know you’re sending PHI, you can explicitly encrypt the email using the encryption button, but even if you don’t think about it, ZixGateway will still catch it and ensure the safekeeping of PHI.”